Mailinglist Archive: opensuse-updates (53 mails)

< Previous Next >
openSUSE-SU-2012:0417-1: moderate: update for MozillaFirefox, MozillaThunderbird
openSUSE Security Update: update for MozillaFirefox, MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0417-1
Rating: moderate
References: #745303 #746591 #747320 #749440 #750044 #750673

Cross-References: CVE-2011-3658 CVE-2012-0451 CVE-2012-0455
CVE-2012-0456 CVE-2012-0457 CVE-2012-0458
CVE-2012-0459 CVE-2012-0460 CVE-2012-0461
CVE-2012-0462 CVE-2012-0463 CVE-2012-0464

Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________

An update that fixes 12 vulnerabilities is now available.

Description:

Changes in MozillaThunderbird:
- update to Thunderbird 11.0 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag
and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653,
#720103) SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with
multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458 Escalation of privilege with
Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when
accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards

Changes in mozilla-xulrunner192:
- security update to 1.9.2.28 (bnc#750044)
* MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue
out-of-bounds access
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag
and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653,
#720103) SVG issues found with Address Sanitizer
* MFSA 2012-16/CVE-2012-0458 Escalation of privilege with
Javascript: URL as home page
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards

Changes in MozillaFirefox:
- update to Firefox 11.0 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag
and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653,
#720103) SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with
multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458 Escalation of privilege with
Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when
accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards

Changes in seamonkey:
- update to Seamonkey 2.8 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag
and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653,
#720103) SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with
multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458 Escalation of privilege with
Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when
accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards

Changes in chmsee:
- Update to version 1.99.08

Changes in mozilla-nss:
- update to 3.13.3 RTM
- distrust Trustwave's MITM certificates (bmo#724929)
- fix generic blacklisting mechanism (bmo#727204)

Changes in mozilla-nspr:
- update to version 4.9 RTM


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-175

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-175

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 x86_64):

MozillaFirefox-11.0-2.23.1
MozillaFirefox-branding-upstream-11.0-2.23.1
MozillaFirefox-buildsymbols-11.0-2.23.1
MozillaFirefox-debuginfo-11.0-2.23.1
MozillaFirefox-debugsource-11.0-2.23.1
MozillaFirefox-devel-11.0-2.23.1
MozillaFirefox-translations-common-11.0-2.23.1
MozillaFirefox-translations-other-11.0-2.23.1
MozillaThunderbird-11.0-33.14.1
MozillaThunderbird-buildsymbols-11.0-33.14.1
MozillaThunderbird-debuginfo-11.0-33.14.1
MozillaThunderbird-debugsource-11.0-33.14.1
MozillaThunderbird-devel-11.0-33.14.1
MozillaThunderbird-translations-common-11.0-33.14.1
MozillaThunderbird-translations-other-11.0-33.14.1
chmsee-1.99.08-2.15.2
chmsee-debuginfo-1.99.08-2.15.2
chmsee-debugsource-1.99.08-2.15.2
enigmail-1.4.0+11.0-33.14.1
enigmail-debuginfo-1.4.0+11.0-33.14.1
libfreebl3-3.13.3-9.13.1
libfreebl3-debuginfo-3.13.3-9.13.1
libsoftokn3-3.13.3-9.13.1
libsoftokn3-debuginfo-3.13.3-9.13.1
mozilla-js-11.0-2.23.1
mozilla-js-debuginfo-11.0-2.23.1
mozilla-js192-1.9.2.28-2.12.2
mozilla-js192-debuginfo-1.9.2.28-2.12.2
mozilla-nspr-4.9.0-3.3.1
mozilla-nspr-debuginfo-4.9.0-3.3.1
mozilla-nspr-debugsource-4.9.0-3.3.1
mozilla-nspr-devel-4.9.0-3.3.1
mozilla-nss-3.13.3-9.13.1
mozilla-nss-certs-3.13.3-9.13.1
mozilla-nss-certs-debuginfo-3.13.3-9.13.1
mozilla-nss-debuginfo-3.13.3-9.13.1
mozilla-nss-debugsource-3.13.3-9.13.1
mozilla-nss-devel-3.13.3-9.13.1
mozilla-nss-sysinit-3.13.3-9.13.1
mozilla-nss-sysinit-debuginfo-3.13.3-9.13.1
mozilla-nss-tools-3.13.3-9.13.1
mozilla-nss-tools-debuginfo-3.13.3-9.13.1
mozilla-xulrunner192-1.9.2.28-2.12.2
mozilla-xulrunner192-buildsymbols-1.9.2.28-2.12.2
mozilla-xulrunner192-debuginfo-1.9.2.28-2.12.2
mozilla-xulrunner192-debugsource-1.9.2.28-2.12.2
mozilla-xulrunner192-devel-1.9.2.28-2.12.2
mozilla-xulrunner192-devel-debuginfo-1.9.2.28-2.12.2
mozilla-xulrunner192-gnome-1.9.2.28-2.12.2
mozilla-xulrunner192-gnome-debuginfo-1.9.2.28-2.12.2
mozilla-xulrunner192-translations-common-1.9.2.28-2.12.2
mozilla-xulrunner192-translations-other-1.9.2.28-2.12.2
seamonkey-2.8-2.15.1
seamonkey-debuginfo-2.8-2.15.1
seamonkey-debugsource-2.8-2.15.1
seamonkey-dom-inspector-2.8-2.15.1
seamonkey-irc-2.8-2.15.1
seamonkey-translations-common-2.8-2.15.1
seamonkey-translations-other-2.8-2.15.1
seamonkey-venkman-2.8-2.15.1
xulrunner-11.0-2.23.1
xulrunner-buildsymbols-11.0-2.23.1
xulrunner-debuginfo-11.0-2.23.1
xulrunner-debugsource-11.0-2.23.1
xulrunner-devel-11.0-2.23.1
xulrunner-devel-debuginfo-11.0-2.23.1

- openSUSE 12.1 (x86_64):

libfreebl3-32bit-3.13.3-9.13.1
libfreebl3-debuginfo-32bit-3.13.3-9.13.1
libsoftokn3-32bit-3.13.3-9.13.1
libsoftokn3-debuginfo-32bit-3.13.3-9.13.1
mozilla-js-32bit-11.0-2.23.1
mozilla-js-debuginfo-32bit-11.0-2.23.1
mozilla-js192-32bit-1.9.2.28-2.12.2
mozilla-js192-debuginfo-32bit-1.9.2.28-2.12.2
mozilla-nspr-32bit-4.9.0-3.3.1
mozilla-nspr-debuginfo-32bit-4.9.0-3.3.1
mozilla-nss-32bit-3.13.3-9.13.1
mozilla-nss-certs-32bit-3.13.3-9.13.1
mozilla-nss-certs-debuginfo-32bit-3.13.3-9.13.1
mozilla-nss-debuginfo-32bit-3.13.3-9.13.1
mozilla-nss-sysinit-32bit-3.13.3-9.13.1
mozilla-nss-sysinit-debuginfo-32bit-3.13.3-9.13.1
mozilla-xulrunner192-32bit-1.9.2.28-2.12.2
mozilla-xulrunner192-debuginfo-32bit-1.9.2.28-2.12.2
mozilla-xulrunner192-gnome-32bit-1.9.2.28-2.12.2
mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.28-2.12.2
mozilla-xulrunner192-translations-common-32bit-1.9.2.28-2.12.2
mozilla-xulrunner192-translations-other-32bit-1.9.2.28-2.12.2
xulrunner-32bit-11.0-2.23.1
xulrunner-debuginfo-32bit-11.0-2.23.1

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-11.0-0.15.2
MozillaFirefox-branding-upstream-11.0-0.15.2
MozillaFirefox-buildsymbols-11.0-0.15.2
MozillaFirefox-debuginfo-11.0-0.15.2
MozillaFirefox-debugsource-11.0-0.15.2
MozillaFirefox-devel-11.0-0.15.2
MozillaFirefox-translations-common-11.0-0.15.2
MozillaFirefox-translations-other-11.0-0.15.2
MozillaThunderbird-3.1.20-0.15.4
MozillaThunderbird-buildsymbols-3.1.20-0.15.4
MozillaThunderbird-debuginfo-3.1.20-0.15.4
MozillaThunderbird-debugsource-3.1.20-0.15.4
MozillaThunderbird-devel-3.1.20-0.15.4
MozillaThunderbird-devel-debuginfo-3.1.20-0.15.4
MozillaThunderbird-translations-common-3.1.20-0.15.4
MozillaThunderbird-translations-other-3.1.20-0.15.4
enigmail-1.1.2+3.1.20-0.15.4
enigmail-debuginfo-1.1.2+3.1.20-0.15.4
libfreebl3-3.13.3-0.41.2
libfreebl3-debuginfo-3.13.3-0.41.2
libsoftokn3-3.13.3-0.41.2
libsoftokn3-debuginfo-3.13.3-0.41.2
mozilla-js192-1.9.2.28-0.22.2
mozilla-js192-debuginfo-1.9.2.28-0.22.2
mozilla-nspr-4.9.0-0.13.1
mozilla-nspr-debuginfo-4.9.0-0.13.1
mozilla-nspr-debugsource-4.9.0-0.13.1
mozilla-nspr-devel-4.9.0-0.13.1
mozilla-nss-3.13.3-0.41.2
mozilla-nss-certs-3.13.3-0.41.2
mozilla-nss-certs-debuginfo-3.13.3-0.41.2
mozilla-nss-debuginfo-3.13.3-0.41.2
mozilla-nss-debugsource-3.13.3-0.41.2
mozilla-nss-devel-3.13.3-0.41.2
mozilla-nss-sysinit-3.13.3-0.41.2
mozilla-nss-sysinit-debuginfo-3.13.3-0.41.2
mozilla-nss-tools-3.13.3-0.41.2
mozilla-nss-tools-debuginfo-3.13.3-0.41.2
mozilla-xulrunner192-1.9.2.28-0.22.2
mozilla-xulrunner192-buildsymbols-1.9.2.28-0.22.2
mozilla-xulrunner192-debuginfo-1.9.2.28-0.22.2
mozilla-xulrunner192-debugsource-1.9.2.28-0.22.2
mozilla-xulrunner192-devel-1.9.2.28-0.22.2
mozilla-xulrunner192-devel-debuginfo-1.9.2.28-0.22.2
mozilla-xulrunner192-gnome-1.9.2.28-0.22.2
mozilla-xulrunner192-gnome-debuginfo-1.9.2.28-0.22.2
mozilla-xulrunner192-translations-common-1.9.2.28-0.22.2
mozilla-xulrunner192-translations-other-1.9.2.28-0.22.2
seamonkey-2.8-0.15.1
seamonkey-debuginfo-2.8-0.15.1
seamonkey-debugsource-2.8-0.15.1
seamonkey-dom-inspector-2.8-0.15.1
seamonkey-irc-2.8-0.15.1
seamonkey-translations-common-2.8-0.15.1
seamonkey-translations-other-2.8-0.15.1
seamonkey-venkman-2.8-0.15.1

- openSUSE 11.4 (x86_64):

libfreebl3-32bit-3.13.3-0.41.2
libfreebl3-debuginfo-32bit-3.13.3-0.41.2
libsoftokn3-32bit-3.13.3-0.41.2
libsoftokn3-debuginfo-32bit-3.13.3-0.41.2
mozilla-js192-32bit-1.9.2.28-0.22.2
mozilla-js192-debuginfo-32bit-1.9.2.28-0.22.2
mozilla-nspr-32bit-4.9.0-0.13.1
mozilla-nspr-debuginfo-32bit-4.9.0-0.13.1
mozilla-nss-32bit-3.13.3-0.41.2
mozilla-nss-certs-32bit-3.13.3-0.41.2
mozilla-nss-certs-debuginfo-32bit-3.13.3-0.41.2
mozilla-nss-debuginfo-32bit-3.13.3-0.41.2
mozilla-nss-sysinit-32bit-3.13.3-0.41.2
mozilla-nss-sysinit-debuginfo-32bit-3.13.3-0.41.2
mozilla-xulrunner192-32bit-1.9.2.28-0.22.2
mozilla-xulrunner192-debuginfo-32bit-1.9.2.28-0.22.2
mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.22.2
mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.28-0.22.2
mozilla-xulrunner192-translations-common-32bit-1.9.2.28-0.22.2
mozilla-xulrunner192-translations-other-32bit-1.9.2.28-0.22.2


References:

http://support.novell.com/security/cve/CVE-2011-3658.html
http://support.novell.com/security/cve/CVE-2012-0451.html
http://support.novell.com/security/cve/CVE-2012-0455.html
http://support.novell.com/security/cve/CVE-2012-0456.html
http://support.novell.com/security/cve/CVE-2012-0457.html
http://support.novell.com/security/cve/CVE-2012-0458.html
http://support.novell.com/security/cve/CVE-2012-0459.html
http://support.novell.com/security/cve/CVE-2012-0460.html
http://support.novell.com/security/cve/CVE-2012-0461.html
http://support.novell.com/security/cve/CVE-2012-0462.html
http://support.novell.com/security/cve/CVE-2012-0463.html
http://support.novell.com/security/cve/CVE-2012-0464.html
https://bugzilla.novell.com/745303
https://bugzilla.novell.com/746591
https://bugzilla.novell.com/747320
https://bugzilla.novell.com/749440
https://bugzilla.novell.com/750044
https://bugzilla.novell.com/750673


< Previous Next >
This Thread
  • No further messages